CVE-2001-0011

Name of the Vulnerable Software and Affected Versions: BIND versions 4.9 through 4.9.7 BIND version 8.2

Description: The issue is related to a buffer overflow and a format string vulnerability in the nslookupComplain() function of the BIND package, which is used to report errors when locating IP addresses for DNS servers. A remote attacker can send a specially-crafted DNS query to the server to overflow the buffer or execute arbitrary code on the system with privileges of the BIND server.

Recommendations: For BIND versions 4.9 through 4.9.7, consider disabling the nslookupComplain() function until a patch is available. For BIND version 8.2, consider disabling the nslookupComplain() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.